CREATE ENCRYPTED DATABASE clause
Use this clause to specify a name for the new encrypted database.
CREATE ENCRYPTED TABLE DATABASE clause
Use this clause to specify a name for the new database. The new database is not encrypted, but has table encryption enabled.
FROM clause
Use this clause to specify the name of the original database (oldfile).
KEY clause
If algorithm-key is anything other than SIMPLE, use this clause to specify the encryption key for newfile.
OLD KEY clause
Use this clause to specify the encryption key for oldfile. This clause is only required if oldfile is encrypted with anything other than SIMPLE encryption.
ALGORITHM clause
Use this clause to specify the encryption algorithm to use for newfile. If you specify a KEY clause but do not specify the ALGORITHM clause, AES (128-bit encryption) is used by default. If you specify SIMPLE for algorithm, you do not specify a KEY clause.
You can also use this statement to create a copy of a database and enable table encryption in the copy.
oldfile can be an unencrypted database, an encrypted database, or a database with table encryption enabled.
Syntax 1 takes an existing database, oldfile, and creates an encrypted copy of it, newfile.
Syntax 2 takes an existing database, oldfile, and creates a copy of it, newfile, with table encryption enabled. When you use this syntax, any tables encrypted in oldfile are encrypted in newfile as well. If no tables were encrypted in oldfile, but you want to encrypt them, you can execute an ALTER TABLE...ENCRYPTED statement on each table you want to encrypt.
Neither syntax replaces or removes oldfile.
If oldfile uses transaction log or transaction log mirror files, they are renamed newfile.log and newfile.mlg respectively.
If oldfile contains dbspace files, an E (for encrypted) is added to the file name. For example, when you execute the CREATE ENCRYPTED DATABASE statement, the file mydbspace.dbs is changed to mydbspace.dbsE.
You can use this statement to change the encryption algorithm and key for a database. However, the CREATE ENCRYPTED DATABASE statement produces a new file (newfile), and does not replace or remove the previous version of the file (oldfile).
CREATE ENCRYPTED DATABASE and CREATE ENCRYPTED TABLE DATABASE cannot be executed against a database that requires recovery.
These statements are not supported in procedures, triggers, events, or batches.
You can also encrypt an existing database or change an existing encryption key by unloading and reloading the database using the dbunload -an option with either -ek or -ep.
You can also create an encrypted database, or a database with table encryption enabled, using the CREATE DATABASE statement.
The following example creates an encrypted copy of the sample database called demoEnc.db. The new database is encrypted with AES256 encryption.
CREATE ENCRYPTED DATABASE 'demoEnc.db' FROM 'demo.db'
    KEY '<encryption-key>' ALGORITHM 'AES256';
The following example creates a copy of the sample database called demoTableEnc.db. Table encryption is enabled on the new database. Since a key was specified with no algorithm, AES encryption is used.
CREATE ENCRYPTED TABLE DATABASE 'demoTableEnc.db' FROM 'demo.db'
    KEY '<encryption-key>';
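The following added example is not part of the original documentation. It shows the re-keying case described above, where oldfile is already strongly encrypted and the OLD KEY clause is therefore required; the file names and both key strings are placeholders.

```sql
-- Added example: copy an AES-encrypted database to a new file that uses
-- AES256 and a different key. 'orders.db', 'ordersAES256.db' and the two
-- key strings are placeholders, not values from the documentation.
-- Execute it as a single statement: it is not supported in procedures,
-- triggers, events, or batches.
CREATE ENCRYPTED DATABASE 'ordersAES256.db'
    FROM 'orders.db'
    KEY '<new-encryption-key>'            -- encryption key for newfile
    ALGORITHM 'AES256'                    -- algorithm for newfile
    OLD KEY '<current-encryption-key>';   -- key that oldfile is encrypted with

-- orders.db is neither replaced nor removed; it remains on disk,
-- still encrypted with the old key and algorithm.
```

Because oldfile is left in place, the old key is not retired until that file, and any copies of it, are no longer kept.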